CVE-2008-1083
high-risk
Published 2008-04-08
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
Do I need to act?
52.2% chance of exploitation in next 30 days
EPSS score — higher than 48% of all CVEs
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.1/10
High
NETWORK / HIGH complexity
Affected Products (13)
Affected Vendors
References (40)
Third Party Advisory: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=681
Mailing List: http://marc.info/?l=bugtraq&m=120845064910729&w=2
Vendor Advisory: http://support.microsoft.com/kb/948590
US Government Resource: http://www.kb.cert.org/vuls/id/632963
Broken Link: http://www.osvdb.org/44213
Broken Link: http://www.osvdb.org/44214
Third Party Advisory: http://www.securityfocus.com/bid/28571
Third Party Advisory: http://www.securityfocus.com/bid/30933
Third Party Advisory: http://www.securitytracker.com/id?1019798
US Government Resource: http://www.us-cert.gov/cas/techalerts/TA08-099A.html
Third Party Advisory: http://www.zerodayinitiative.com/advisories/ZDI-08-020/
and 20 more references
66 / 100
high-risk
Severity
24/34 · High
Exploitability
25/34 · High
Exposure
17/34 · Moderate